From 08ae2c2ada8b21ee3544c00b8a1042e8c1b2eb28 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Tue, 11 Sep 2018 17:38:50 +0100 Subject: Protect blocks of code by testing whether ipv6 is active This has the effect of allowing someone to disable ipv6 entirely, and the script do the right thing. Move the enabling of DAD into the correct section - no idea how it ended up in the ipv4 block of code. D'oh. Signed-off-by: Robby Workman --- rc.inet1 | 50 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 20 deletions(-) (limited to 'rc.inet1') diff --git a/rc.inet1 b/rc.inet1 index 971d045..6668c44 100644 --- a/rc.inet1 +++ b/rc.inet1 @@ -62,8 +62,9 @@ for i in "${IFNAME[@]}"; do fi fi done -# Normally the ipv6 module would be automatically loaded when the first IP is assigned to an interface, -# but autoconf/accept_ra need to be set to 0 before that happens, so pre-load ipv6 here. +# Normally the ipv6 module would be automatically loaded when the first IP is assigned to an +# interface (assuming ipv6 has not been disabled entirely), but autoconf/accept_ra need to be +# set to 0 before that happens, so try to pre-load ipv6 here. if [ ! -e /proc/sys/net/ipv6 ]; then /sbin/modprobe ipv6 fi @@ -181,20 +182,26 @@ if_up() { if [ -x /etc/rc.d/rc.wireless ]; then . /etc/rc.d/rc.wireless ${1} start fi - # Disable v6 IP auto configuration before trying to bring up the interface: - echo "0" >/proc/sys/net/ipv6/conf/$1/autoconf - # Disable Router Advertisment for this interface until it's needed: - echo "0" >/proc/sys/net/ipv6/conf/$1/accept_ra - IF_UP=0 + if [ -e /proc/sys/net/ipv6 ]; then # ipv6 networking is available + # Disable v6 IP auto configuration before trying to bring up the interface: + echo "0" >/proc/sys/net/ipv6/conf/$1/autoconf + # Disable Router Advertisment for this interface until it's needed: + echo "0" >/proc/sys/net/ipv6/conf/$1/accept_ra + fi + local IF_UP=0 # Slackware historically favours dynamic configuration over fixed IP to configure interfaces, so keep that tradition: - if [ "${USE_DHCP[$i]}" = "yes" ] || [ "${USE_DHCP6[$i]}" = "yes" ]; then # use dhcpcd to bring interface up + if [ "${USE_DHCP[$i]}" = "yes" ] || { [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" = "yes" ]; }; then # use dhcpcd # Declare DHCP_OPTIONS array before adding new options to it: declare -a DHCP_OPTIONS=() # Set DHCP_OPTIONS for this interface: - if [ "${USE_DHCP[$i]}" = "yes" ] && [ "${USE_DHCP6[$i]}" != "yes" ]; then # only try v4 dhcp + if [ -e /proc/sys/net/ipv6 ]; then + if [ "${USE_DHCP[$i]}" = "yes" ] && [ "${USE_DHCP6[$i]}" != "yes" ]; then # only try v4 dhcp + DHCP_OPTIONS+=("-4") + elif [ "${USE_DHCP[$i]}" != "yes" ] && [ "${USE_DHCP6[$i]}" = "yes" ]; then # only try v6 dhcp + DHCP_OPTIONS+=("-6") + fi + else DHCP_OPTIONS+=("-4") - elif [ "${USE_DHCP[$i]}" != "yes" ] && [ "${USE_DHCP6[$i]}" = "yes" ]; then # only try v6 dhcp - DHCP_OPTIONS+=("-6") fi [ -n "${DHCP_HOSTNAME[$i]}" ] && DHCP_OPTIONS+=("-h" "${DHCP_HOSTNAME[$i]}") [ "${DHCP_KEEPRESOLV[$i]}" = "yes" ] && DHCP_OPTIONS+=("-C" "resolv.conf") @@ -216,7 +223,7 @@ if_up() { /sbin/ip link set dev ${1} down fi fi - if [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure interface via stateless auto config + if [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure via SLAAC echo "/etc/rc.d/rc.inet1: using Router Advertisement stateless auto configuration for ${1}" | $LOGGER # Enable accepting of router advertisment packets, and auto configuration of interfaces: echo "1" >/proc/sys/net/ipv6/conf/$1/accept_ra @@ -236,11 +243,6 @@ if_up() { fi fi if [ "${USE_DHCP[$i]}" != "yes" ] && [ -n "${IPADDR[$i]}" ]; then # add a fixed v4 IP to the interface - # IPv6's Duplicate Address Detection (DAD) causes a race condition when bringing up interfaces, as - # described here: https://www.agwa.name/blog/post/beware_the_ipv6_dad_race_condition - # Disable DAD while bringing up the interface - but note that this means the loss of detection of a - # duplicate address. It's a trade off, unfortunately. - echo "0" >/proc/sys/net/ipv6/conf/$1/accept_dad if [ -z "${NETMASK[$i]}" ]; then echo "/etc/rc.d/rc.inet1: no NETMASK set for ${1} - assuming 24 (aka, 255.255.255.0)" | $LOGGER NETMASK[$i]="24" @@ -255,7 +257,13 @@ if_up() { /sbin/ip link set dev ${1} down fi fi - if [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" != "yes" ] && [ -n "${IP6ADDR[$i]}" ]; then # add a fixed v6 IP + if [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" != "yes" ] && \ + [ -n "${IP6ADDR[$i]}" ]; then # add a fixed v6 IP + # IPv6's Duplicate Address Detection (DAD) causes a race condition when bringing up interfaces, as + # described here: https://www.agwa.name/blog/post/beware_the_ipv6_dad_race_condition + # Disable DAD while bringing up the interface - but note that this means the loss of detection of a + # duplicate address. It's a trade off, unfortunately. + echo "0" >/proc/sys/net/ipv6/conf/$1/accept_dad if [ -z "${PREFIXLEN[$i]}" ]; then echo "/etc/rc.d/rc.inet1: no PREFIXLEN set for ${1} - assuming 64" | $LOGGER PREFIXLEN[$i]="64" @@ -288,7 +296,7 @@ if_up() { fi done fi - if [ -n "${IP6ALIASES[$i]}" ]; then + if [ -e /proc/sys/net/ipv6 ] && [ -n "${IP6ALIASES[$i]}" ]; then # IPv6's Duplicate Address Detection (DAD) causes a race condition when bringing up interfaces, as # described here: https://www.agwa.name/blog/post/beware_the_ipv6_dad_race_condition # Disable DAD while bringing up the interface - but note that this means the loss of detection of a @@ -315,7 +323,9 @@ if_up() { /sbin/ip link set dev ${1} promisc on fi # Reset accept_dad back to default now all the IPs are configured: - cat /proc/sys/net/ipv6/conf/default/accept_dad >/proc/sys/net/ipv6/conf/$1/accept_dad + if [ -e /proc/sys/net/ipv6 ]; then + cat /proc/sys/net/ipv6/conf/default/accept_dad >/proc/sys/net/ipv6/conf/$1/accept_dad + fi fi else debug_log "${1} is already up, skipping" -- cgit v1.2.3